Jones: OpenSSH bravely addresses the quantum threat
(Medium) Duncan Jones, Head of Cybersecurity at Cambridge Quantum/Quantinuum, penned this article explaining “Post-quantum algorithms are now the default choice in OpenSSH 9.0.” Inside Quantum Technology News summarizes Jones's discussion below:
“OpenSSH has surprised and delighted the cyber world by switching to a hybrid post-quantum scheme in its latest 9.0 release. The software now uses a combination of NTRU Prime, alongside old favourite X25519, to negotiate the session keys that protect data in transfer.
The release notes that the rationale was to prevent “hack-now, decrypt-later” attacks, in which an attacker harvests encrypted data so they can hack it using a quantum computer in the future. Previous versions of OpenSSH were vulnerable to this type of attack because the algorithms used to negotiate encryption keys were based on mathematical problems that powerful quantum computers are expected to crack. Anyone sharing sensitive data across an OpenSSH connection was risking data exposure in 10 or 15 years when quantum computers increase in power. The Cloud Security Alliance argues this moment may come as soon as 2030.
The OpenSSH team should be applauded for taking a public stand at a time when most security products are in a holding pattern waiting for the NIST post-quantum process to complete. Although the timing of their release is surprising, with major NIST announcements expected in the days to come, it shows they value user security above the potential inconvenience of adjusting algorithms in subsequent releases.
You might wonder what happens if the post-quantum algorithm is broken in the near future, as we saw recently with Rainbow. In such instances, the security of the connection collapses back to the security of the quantum-vulnerable algorithm. This means the data is perfectly safe against today’s attackers, but potentially vulnerable to quantum attacks in the future. In short, you lose nothing by experimenting with hybrid approaches. In the worst case, you are no worse off, and in the best case, you are quantum-safe. OpenSSH has reminded the world that little is lost by embracing quantum-safe algorithms in an aggressive manner, provided a hybrid approach is used. If you combine these algorithms with quantum-enhanced key generation, you can catapult to the cutting edge of connection security and feel confident you’ve taken every precaution available today.”
Jones concludes, “Bravo to OpenSSH for getting the ball rolling.”
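A practical follow-up to the point above is checking whether your own sessions actually negotiate the hybrid key exchange, since the default can be overridden by client or server configuration. The script below is an added example, not code from the article or the OpenSSH project: it parses the `debug1: kex: algorithm:` line that `ssh -vv` prints and classifies the result. The debug transcript is constructed, and the set of hybrid names is assumed to be current as of OpenSSH 9.0.

```python
import re

# Constructed sample of client debug output from "ssh -vv user@host exit 2>&1".
# It is not a real capture; only the "kex: algorithm" line matters here.
SAMPLE_DEBUG = """\
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
"""

# Hybrid post-quantum KEX identifiers OpenSSH offers. Assumption: this set is
# complete for OpenSSH 9.0 (NTRU Prime sntrup761 combined with X25519).
PQ_HYBRID_KEX = {"sntrup761x25519-sha512@openssh.com"}

# OpenSSH logs the negotiated key exchange at the first verbosity level.
KEX_LINE = re.compile(r"^debug1: kex: algorithm: (\S+)$", re.M)


def negotiated_kex(debug_output: str):
    """Return the KEX algorithm the session negotiated, or None if absent."""
    match = KEX_LINE.search(debug_output)
    return match.group(1) if match else None


def assess(debug_output: str):
    """Classify a verbose ssh transcript as hybrid-pq, classical-only, or unknown.

    A classical-only result means the session is exposed to hack-now,
    decrypt-later; the remedy is to pin KexAlgorithms in ssh_config or
    sshd_config so the hybrid scheme is listed first.
    """
    kex = negotiated_kex(debug_output)
    if kex is None:
        return "unknown", None
    return ("hybrid-pq" if kex in PQ_HYBRID_KEX else "classical-only"), kex


if __name__ == "__main__":
    verdict, name = assess(SAMPLE_DEBUG)
    print(f"negotiated {name}: {verdict}")
```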
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.